- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Fortigate 90D to connect to strong swan
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate 90D to connect to strong swan
I cannot seem to get the tunnel up between my FTG90D and my StrongSwan
FGT Config
FGT90D # config vpn ipsec phase1-interface
FGT90D (phase1-interface) # edit Phase1
FGT90D (Phase1) # show full
config vpn ipsec phase1-interface
edit "Phase1"
set type static
set interface "Outside-WAN"
set ip-version 4
set ike-version 2
set local-gw 0.0.0.0
set nattraversal enable
set keylife 86400
set authmethod psk
set peertype any
set mode-cfg disable
set proposal aes128-sha1
set localid "x.x.x.x"
set localid-type auto
set negotiate-timeout 30
set dpd disable
set forticlient-enforcement disable
set comments ''
set npu-offload enable
set dhgrp 5
set eap disable
set wizard-type custom
set remote-gw x.x.x.x
set monitor ''
set add-gw-route disable
set psksecret ENC <psk>
set auto-negotiate enable
next
end
FGT90D (Phase1) # end
FGT90D # config vpn ipsec phase2-interface
FGT90D (phase2-interface) # edit Phase2
FGT90D (Phase2) # show full-configuration
config vpn ipsec phase2-interface
edit "Phase2"
set phase1name "Phase1"
set proposal aes128-sha1
set pfs enable
set dhgrp 5
set replay enable
set keepalive disable
set auto-negotiate disable
set keylife-type seconds
set encapsulation tunnel-mode
set comments ''
set protocol 0
set src-addr-type subnet
set src-port 0
set dst-addr-type subnet
set dst-port 0
set keylifeseconds 86400
set src-subnet 10.101.7.0 255.255.255.0
set dst-subnet x.x.x.x 255.255.255.255
next
end
Strongswan IPsec.conf
conn Fortigate90
#CLIENT
leftsourceip=x.x.x.x
left=%defaultroute
leftsubnet=x.x.x.x/32
leftnexthop=%defaultroute
leftid=x.x.x.x
#REMOTEHOST
right=z.z.z.z
rightsubnet=10.101.7.0/24
rightnexthop=%defaultroute
rightid=z.z.z.z
#GENERAL
auto=add
authby=secret
type=tunnel
#pfs=yes
compress=yes
forceencaps=yes
keyexchange=ikev2
aggrmode=no
#PHASE1
ike=aes128-sha1;modp1536
keylife=86400s
ikelifetime=86400s
#PHASE2
#phase2=esp
#phase2alg=aes128-sha1;modp1536
#REKEYING
rekey=yes
rekeymargin=15m
#You may put your configuration (.conf) file in the "/etc/ipsec.d/" and uncomment this.
#include /etc/ipsec.d/*.conf
Is ther some mismatch in the config I am missing?
0 REPLIES 0
Related Posts
- connect fortigate to 2 sophos at... 192 Views
- Fortigate 60d boot device failing 129 Views
- FortiClient IPSec VPN keeps connecting to... 119 Views
- Forticlient Radius Authentication Across IPSEC Tunnel 236 Views
- FortiGate 30E Slow connection via NAT 191 Views
Labels
-
FortiGate
6,489 -
FortiClient
1,294 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
413 -
5.6
362 -
FortiSwitch
331 -
FortiAP
331 -
FortiClient EMS
260 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
87 -
FortiSIEM
86 -
FortiCloud Products
82 -
IPsec
70 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
Firewall policy
22 -
FortiConverter
21 -
High Availability
20 -
VLAN
18 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
SSL SSH inspection
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
NAC policy
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.